CVE-2025-22226

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Published: Mar 4, 2025
Updated: May 4, 2025
CVE: CVE-2025-22226
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
vmware / esxi	7.0-beta	7.0-beta.x
vmware / esxi	7.0-update_1	7.0-update_1.x
vmware / esxi	7.0-update_1a	7.0-update_1a.x
vmware / esxi	7.0-update_1b	7.0-update_1b.x
vmware / esxi	7.0	7.0.x
vmware / esxi	7.0-update_2	7.0-update_2.x
vmware / esxi	7.0-update_1c	7.0-update_1c.x
vmware / esxi	7.0-update_1d	7.0-update_1d.x
vmware / esxi	7.0-update_1e	7.0-update_1e.x
vmware / esxi	7.0-update_2a	7.0-update_2a.x
vmware / esxi	7.0-update_2c	7.0-update_2c.x
vmware / esxi	7.0-update_2d	7.0-update_2d.x
vmware / esxi	7.0-update_2e	7.0-update_2e.x
vmware / esxi	7.0-update_3	7.0-update_3.x
vmware / esxi	7.0-update_3c	7.0-update_3c.x
vmware / esxi	7.0-update_3d	7.0-update_3d.x
vmware / esxi	7.0-update_3e	7.0-update_3e.x
vmware / esxi	7.0-update_3g	7.0-update_3g.x
vmware / esxi	7.0-update_3f	7.0-update_3f.x
vmware / esxi	7.0-update_3i	7.0-update_3i.x
vmware / esxi	7.0-update_3j	7.0-update_3j.x
vmware / esxi	7.0-update_3k	7.0-update_3k.x
vmware / esxi	7.0-update_3l	7.0-update_3l.x
vmware / esxi	7.0-update_3m	7.0-update_3m.x
vmware / esxi	7.0-update_3n	7.0-update_3n.x
vmware / esxi	7.0-update_3o	7.0-update_3o.x
vmware / esxi	7.0-update_3p	7.0-update_3p.x
vmware / esxi	7.0-update_3q	7.0-update_3q.x
vmware / esxi	7.0-update_3r	7.0-update_3r.x
vmware / esxi	8.0	8.0.x
vmware / esxi	8.0-a	8.0-a.x
vmware / esxi	8.0-b	8.0-b.x
vmware / esxi	8.0-c	8.0-c.x
vmware / esxi	8.0-update_1	8.0-update_1.x
vmware / esxi	8.0-update_1a	8.0-update_1a.x
vmware / esxi	8.0-update_1c	8.0-update_1c.x
vmware / esxi	8.0-update_1d	8.0-update_1d.x
vmware / esxi	8.0-update_2	8.0-update_2.x
vmware / esxi	8.0-update_2b	8.0-update_2b.x
vmware / esxi	8.0-update_2c	8.0-update_2c.x
vmware / esxi	8.0-update_3	8.0-update_3.x
vmware / esxi	8.0-update_3b	8.0-update_3b.x
vmware / esxi	8.0-update_3c	8.0-update_3c.x
vmware / fusion	13.0.0	13.6.3
vmware / workstation	17.0	17.6.3
vmware / telco_cloud_infrastructure	2.2	2.2.x
vmware / telco_cloud_infrastructure	2.5	2.5.x
vmware / telco_cloud_infrastructure	2.7	2.7.x
vmware / telco_cloud_infrastructure	3.0	3.0.x
vmware / telco_cloud_platform	2.0	2.0.x
vmware / telco_cloud_platform	2.5	2.5.x
vmware / telco_cloud_platform	2.7	2.7.x
vmware / telco_cloud_platform	3.0	3.0.x
vmware / telco_cloud_platform	4.0	4.0.x
vmware / telco_cloud_platform	4.0.1	4.0.1.x
vmware / telco_cloud_platform	5.0	5.0.x

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

Vulnerability Database

289,599

CVE-2025-22226